CVE-2025-49905

by | Nov 12, 2025

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PluginsCafe Range Slider Addon for Gravity Forms range-slider-addon-for-gravity-forms allows Reflected XSS.This issue affects Range Slider Addon for...

CVE-2025-49904

by | Nov 12, 2025

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Reflected XSS.This issue affects Booking and Rental Manager:...

CVE-2025-49900

by | Nov 12, 2025

Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation.This issue affects Advanced scrollbar: from n/a through <= 1.1.8.

CVE-2025-49398

by | Nov 12, 2025

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Easy Appointments Easy Appointments easy-appointments allows Code Injection.This issue affects Easy Appointments: from n/a through <= 3.12.14.

CVE-2025-49394

by | Nov 12, 2025

Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Image Gallery block – Create and display photo...